Configuring User Sign In Policies

( mc ch mp realm vo url cho user truy cp vo)

To create or configure user sign-in policies:
1. In the admin console, select Authentication > Signing In > Sign-in
Policies.
2. To create a new sign-in policy, click New URL. Or, to edit an existing
policy, click a URL in the Administrator URLs or User URLs column.
3. Select Users or Administrators to specify which type of user can sign
into Secure Access using the access policy.
4. In the Sign-in URL field, enter the URL that you want to associate with
the policy. Use the format <host>/<path> where <host> is the host
name of the Secure Access device, and <path> is any string you want
users to enter. For example: partner1.yourcompany.com/outside. To
specify multiple hosts, use the * wildcard character.
To specify that all administrator URLs should use the sign-in page,
enter */admin.

You may only use wildcard characters (*) in the beginning

of the host name portion of the URL. Secure Access does not
recognize wildcards in the URL path.

SAML authentication does not support sign-in URLs that

contain multiple realms. Instead, map each sign-in URL to a
single realm.

5. (optional) Enter a Description for the policy.

6. From the Sign-in Page list, select the sign-in page that you want to
associate with the policy. You may select the default page that comes
with Secure Access, a variation of the standard sign-in page, or a
custom page that you create using the customizable UI feature.
7. (User URLs only) In the Meeting URL field, select the meeting URL that
you want to associate with this sign-in policy. Secure Access applies the

specified meeting URL to any meeting created by a user who signs into
this user URL.
8. Under Authentication realm, specify which realm(s) map to the policy,
and how users and administrators should pick from amongst realms. If
you select:
o User types the realm nameSecure Access maps the sign-in
policy to all authentication realms, but does not provide a list of
realms from which the user or administrator can choose. Instead,
the user or administrator must manually enter his realm name
into the sign-in page.
o User picks from a list of authentication realmsSecure Access
only maps the sign-in policy to the authentication realms that
you choose. Secure Access presents this list of realms to the user
or administrator when he signs-in to Secure Access and allows
him to choose a realm from the list. (Note that Secure Access
does not display a drop-down list of authentication realms if the
URL is only mapped to one realm. Instead, it automatically uses
the realm you specify.)

Note: If you allow the user to pick from multiple realms and one of
those realms uses an anonymous authentication server, Secure Access
does not display that realm in the drop-down realm list. To effectively
map your sign-in policy to an anonymous realm, you must add only
that realm to the Authentication realm list.

9. Click Save Changes.

Enabling and Disabling Sign-In Policies
To enable and disable sign-in policies:
1. In the admin console, choose Authentication > Signing In > Signin Policies.
2. To enable or disable:
o An individual policySelect the check box next to the policy
that you want to change, and then click Enable or Disable.

o All user and meeting policiesSelect or deselect the

Restrict access to administrators only check box at the top
of the page.
If you select this option, all user sessions are immediately
terminated. If this device is part of a cluster, all user sessions
across all nodes in the cluster are immediately terminated.
3. Click Save Changes.
Specifying the Order in Which Sign-In Policies are Evaluated
Secure Access evaluates sign-in policies in the same order that you list them
on the Sign-in Policies page. When it finds a URL that matches exactly, it
stops evaluating and presents the appropriate sign-in page to the
administrator or user. For example, you may define two administrator sign-in
policies with two different URLs:

The first policy uses the URL */admin and maps to the default
administrator sign-in page.

The second policy uses the URL yourcompany.com/admin and maps to

a custom administrator sign-in page.

If you list the policies in this order on the Sign-in Policies page, Secure Access
never evaluates or uses the second policy because the first URL
encompasses the second. Even if an administrator signs in using the
yourcompany.com/admin URL, Secure Access displays the default
administrator sign-in page. If you list the policies in the opposite order,
however, Secure Access displays the custom administrator sign-in page to
those administrators who access Secure Access using the
yourcompany.com/admin URL.
Note that Secure Access only accepts wildcard characters in the host name
section of the URL and matches URLs based on the exact path. For example,
you may define two administrator sign-in policies with two different URL
paths:

The first policy uses the URL */marketing and maps to a custom sign-in
page for the entire Marketing Department.

The second policy uses the URL */marketing/joe and maps to a custom
sign-in page designed exclusively for Joe in the Marketing Department.

If you list the policies in this order on the Sign-in Policies page, Secure Access
displays Joes custom sign-in page to him when he uses the
yourcompany.com/marketing/joe URL to access Secure Access. He does not
see the Marketing sign-in page, even though it is listed and evaluated first,
because the path portion of his URL does not exactly match the URL defined
in the first policy.
To change the order in which administrator sign-in policies are evaluated:
1. In the admin console, choose Authentication > Signing In > Signin Policies.
2. Select a sign-in policy in the Administrator URLs , User URLs or
Meeting URLs list.
3. Click the up and down arrows to change the selected policys
placement in the list.
4. Click Save Changes.